Threat Modeling Workshop

Since about half of all security vulnerabilities in software are due to design errors, safety measures must be considered during the design phase. In this phase, the cost of fixing vulnerabilities is comparatively low compared to the implementation phase. Threat modeling helps to identify threats, regardless of the complexity of the architecture. The method supports the development of a trustworthy security design. A complete threat modeling is carried out systematically and methodically with the aim of reducing or even eliminating the effects of the detected threats.

Agenda

Basic Security Testing Process Concepts

Threat Modeling Basics

Modeling of Data Flow Diagrams

Exercise: Data Flow Diagrams

STRIDE-Classification

Exercise: Identify Threats

Threat Specialization

Review of Threats

Exercise: Threat Trees

Creating Mitigation Plan and Measures

Exercise: Threat Process

Questions and Recommendations

After completing the workshop, you will receive a certificate of attendance.